BYOD Security Incident Costs Exceed $250,000

The use of personal mobile devices at work has rocketed over the past two years, with nearly half of IT executives noting that related security incidents cost their organizations over $250,000, according to Check Point.

The network security vendor interviewed 700 IT professionals in the United States, Australia, Canada, Germany, and the United Kingdom to compile its 2014 Mobile Security Report.

Nearly all (91%) said BYOD had increased, with 56% claiming they managed business data on employee-owned devices – up significantly from a figure of 37% last year.

Almost half (42%) said that security incidents related to the use of mobile devices had cost their organization in excess of $250,000 to remediate.

The increase in associated breach costs comes as a result of an increase in their volume and severity, according to Check Point UK managing director, Keith Bird.

“As the data shows, more and more devices are connecting to networks, and faster than security can be deployed on them, so there is a corresponding increase in mobile breaches,” he told Infosecurity.

“That in turn makes it more likely that a serious breach will occur, which will cost more to investigate and remediate.”

Perhaps it’s not surprising that those surveyed were rather pessimistic about the coming year, with 82% saying they expected security incidents to grow in 2015.

Nearly all (98%) were worried about the impact of a mobile security incident, with lost or stolen data the number one concern.

Android is perceived as having the greatest security risk, in comparison to iOS, Windows Mobile and BlackBerry. Two-thirds of respondents thought so this year as opposed to 49% in the 2013 report.

The degree of control which IT leaders can reasonably expect to enforce on BYOD handsets will depend on their appetite for risk, Bird said.

“For a majority of firms it is reasonable to enforce basic security rules before a device can connect to the network, or to deploy a cloud solution that the device connects through to safeguard remote sessions,” he said.

“A secure container on devices is also desirable to separate business information and apps – corporate email and so on – from personal data.”